Sensitive Information in Resource Not Removed Before Reuse

CVE-2023-1637

Medium

5.5/10

Summary

A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-226 - Sensitive Information in Resource Not Removed Before Reuse

The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.

References

Advisory Timeline

Published Mar 27, 2023

Sensitive Information in Resource Not Removed Before Reuse

CVE-2023-1637

Summary

CWE-226 - Sensitive Information in Resource Not Removed Before Reuse

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS